----------------
- The pki --scep|--scepca commands support the HTTP-based "Simple Certificate
- Enrollment Protocol" (RFC 8894 SCEP) replacing the obsoleted scepclient that
- has been removed.
+ Enrollment Protocol" (RFC 8894 SCEP) replacing the old and long deprecated
+ scepclient that has been removed.
- The pki --est|estca commands support the HTTPS-based "Enrollment over Secure
- Transport" (RFC 7070 EST) protocol.
+ Transport" (RFC 7030 EST) protocol.
- The pki --req command can create a certificate request based on an existing
PKCS#10 template by replacing the public key and re-generating the signature
with the new private key.
+- For IKEv2, the ike_updown() "up" event and the state change to IKE_ESTABLISHED
+ are now triggered after all IKE-related tasks are done.
+
+- The ike_cfg_t object is now always replaced together with the peer_cfg_t
+ object that's set on an IKE_SA during authentication.
+
+- The gcm plugin has been enabled by default, so that the TLS 1.3 unit tests
+ can be completed successfully with just the default plugins.
+
+- The socket plugins don't set the SO_REUSEADDR option anymore on the IKE UDP
+ sockets, so an error is triggered if e.g. two daemons (e.g. charon and
+ charon-systemd) are running concurrently using the same ports.
+
- The charon.rsa_pss_trailerfield setting generates an algorithmIdentifier with
explicit trailerField.
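Review bot: In the added SO_REUSEADDR entry, the phrase "an error is triggered if e.g. two daemons (e.g. charon and charon-systemd)" repeats "e.g." and does not say what kind of error it is or where it surfaces. Suggest dropping the first "e.g." and stating where the error appears, so operators running both daemons can tell that the new behaviour is deliberate. The EST entry whose RFC number is corrected here still reads "--est|estca", while the SCEP entry uses "--scep|--scepca". The missing "--" before "estca" could be fixed in the same change. The ike_updown() entry changes when the "up" event and IKE_ESTABLISHED fire, but does not say when they fired before. One clause on the previous trigger point would let listeners and updown script authors judge the impact.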